kpot | 42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704

Analysis

max time kernel
139s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 07:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
Size

2.1MB
MD5

c9d4fa05a10ee18d9c1df403c979ed50
SHA1

4892afa701d4e5e8341db2b22f1b39e2df1a27a3
SHA256

42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704
SHA512

a2d8a58bb24f906872a8b6419b70e246201310e9fc9cef0516ff293f078649e963492323b8bcb7244c4005ddfed9519c1b2cf85a1930d17bfcff77945535e718
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIi5aIwC+Agr6S/FYqOc2PK:GemTLkNdfE0pZaQK

Score

10^/10

kpot xmrig miner stealer trojan

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral2/files/0x000700000002328e-4.dat	family_kpot
behavioral2/files/0x00090000000233ed-8.dat	family_kpot
behavioral2/files/0x00070000000233f5-9.dat	family_kpot
behavioral2/files/0x00070000000233f6-19.dat	family_kpot
behavioral2/files/0x00070000000233f7-22.dat	family_kpot
behavioral2/files/0x00070000000233f8-30.dat	family_kpot
behavioral2/files/0x00070000000233fa-39.dat	family_kpot
behavioral2/files/0x00070000000233fb-44.dat	family_kpot
behavioral2/files/0x0007000000023401-78.dat	family_kpot
behavioral2/files/0x0007000000023403-88.dat	family_kpot
behavioral2/files/0x0007000000023405-98.dat	family_kpot
behavioral2/files/0x0007000000023408-112.dat	family_kpot
behavioral2/files/0x000700000002340b-128.dat	family_kpot
behavioral2/files/0x0007000000023412-162.dat	family_kpot
behavioral2/files/0x0007000000023411-158.dat	family_kpot
behavioral2/files/0x0007000000023410-152.dat	family_kpot
behavioral2/files/0x000700000002340f-148.dat	family_kpot
behavioral2/files/0x000700000002340e-142.dat	family_kpot
behavioral2/files/0x000700000002340d-138.dat	family_kpot
behavioral2/files/0x000700000002340c-132.dat	family_kpot
behavioral2/files/0x000700000002340a-122.dat	family_kpot
behavioral2/files/0x0007000000023409-118.dat	family_kpot
behavioral2/files/0x0007000000023407-108.dat	family_kpot
behavioral2/files/0x0007000000023406-102.dat	family_kpot
behavioral2/files/0x0007000000023404-92.dat	family_kpot
behavioral2/files/0x0007000000023402-82.dat	family_kpot
behavioral2/files/0x0007000000023400-72.dat	family_kpot
behavioral2/files/0x00070000000233ff-68.dat	family_kpot
behavioral2/files/0x00070000000233fe-62.dat	family_kpot
behavioral2/files/0x00070000000233fd-58.dat	family_kpot
behavioral2/files/0x00070000000233fc-52.dat	family_kpot
behavioral2/files/0x00070000000233f9-35.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 32 IoCs

miner

resource	yara_rule
behavioral2/files/0x000700000002328e-4.dat	xmrig
behavioral2/files/0x00090000000233ed-8.dat	xmrig
behavioral2/files/0x00070000000233f5-9.dat	xmrig
behavioral2/files/0x00070000000233f6-19.dat	xmrig
behavioral2/files/0x00070000000233f7-22.dat	xmrig
behavioral2/files/0x00070000000233f8-30.dat	xmrig
behavioral2/files/0x00070000000233fa-39.dat	xmrig
behavioral2/files/0x00070000000233fb-44.dat	xmrig
behavioral2/files/0x0007000000023401-78.dat	xmrig
behavioral2/files/0x0007000000023403-88.dat	xmrig
behavioral2/files/0x0007000000023405-98.dat	xmrig
behavioral2/files/0x0007000000023408-112.dat	xmrig
behavioral2/files/0x000700000002340b-128.dat	xmrig
behavioral2/files/0x0007000000023412-162.dat	xmrig
behavioral2/files/0x0007000000023411-158.dat	xmrig
behavioral2/files/0x0007000000023410-152.dat	xmrig
behavioral2/files/0x000700000002340f-148.dat	xmrig
behavioral2/files/0x000700000002340e-142.dat	xmrig
behavioral2/files/0x000700000002340d-138.dat	xmrig
behavioral2/files/0x000700000002340c-132.dat	xmrig
behavioral2/files/0x000700000002340a-122.dat	xmrig
behavioral2/files/0x0007000000023409-118.dat	xmrig
behavioral2/files/0x0007000000023407-108.dat	xmrig
behavioral2/files/0x0007000000023406-102.dat	xmrig
behavioral2/files/0x0007000000023404-92.dat	xmrig
behavioral2/files/0x0007000000023402-82.dat	xmrig
behavioral2/files/0x0007000000023400-72.dat	xmrig
behavioral2/files/0x00070000000233ff-68.dat	xmrig
behavioral2/files/0x00070000000233fe-62.dat	xmrig
behavioral2/files/0x00070000000233fd-58.dat	xmrig
behavioral2/files/0x00070000000233fc-52.dat	xmrig
behavioral2/files/0x00070000000233f9-35.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
404	AJNIAal.exe
2824	FpvYVBZ.exe
1672	LSDLCLE.exe
1744	SJHmdjJ.exe
3148	WnNVtbl.exe
3128	HHMHRWq.exe
4624	fJpdYdy.exe
212	woMeEZn.exe
1608	LHxsQIC.exe
3844	SZuyzNr.exe
4132	NAsfRHq.exe
2984	TyTVfZD.exe
884	KINOfRZ.exe
1408	LQpJRUe.exe
3668	lBnlpGM.exe
3392	IRURKkd.exe
2052	adhBCLJ.exe
3388	SeRXQGM.exe
3356	HKUkkSO.exe
3484	KTeQbkk.exe
3280	XKOWEFk.exe
3932	bxktuoY.exe
2356	KtJfbik.exe
5048	IusTsuD.exe
3612	EmnYtfc.exe
3764	uwSuXsP.exe
4652	FdSXcSD.exe
1456	ZEOHCHT.exe
1604	czfMzZK.exe
4996	NnxXxmH.exe
3648	OzPYGpJ.exe
1272	eYZVSEk.exe
4304	AphmAzF.exe
4176	xUIOfMZ.exe
2112	BVluYqt.exe
2876	ZXmFjsv.exe
4388	lUpnVph.exe
4636	DBQvgky.exe
3740	onmrLeW.exe
4424	ZnPuFcs.exe
4432	jROCriV.exe
4072	OIRHvJt.exe
2276	BHmvJDf.exe
2248	UqohEhe.exe
1952	Kmflrjr.exe
2820	tiGzQEh.exe
860	GHntSRl.exe
528	RxEvdwu.exe
5016	XuICYOO.exe
5108	wLIuNrk.exe
3192	HkVGroK.exe
4696	bnGrokq.exe
4244	buoznPQ.exe
4488	UxGpncT.exe
4828	UThUdrj.exe
2024	vCtZATW.exe
2184	HHWyywL.exe
1484	neNiVyp.exe
4344	CbgFeMz.exe
4148	SpdIktm.exe
4564	KPMNiZJ.exe
3992	hxNSOTJ.exe
3492	kfuEWSE.exe
2892	gTqeYcC.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\HHMHRWq.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\WMlMmOS.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\jRmZRaa.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\vdJyAlv.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\dNqMJEa.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\kDFCows.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\UThUdrj.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\hxNSOTJ.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\SvpOyqb.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\mEDFOQA.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\PlUMxSm.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\FHUOhLM.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\LtnzbQN.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\OBlquCm.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\zMDPJzP.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\ZYkQzCX.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\VpNtezQ.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\LYeZOQN.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\cnetdWZ.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\ugGjAAu.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\TBOuBrx.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\pKxAxwd.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\hbYIIOf.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\SFeLeyF.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\DdYhzir.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\JyuSYmP.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\fmwooWU.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\XuICYOO.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\Bqehvdg.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\QmyVGNN.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\hoEkZUV.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\eiYRSgR.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\FNarabn.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\lvHtnRY.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\lBnlpGM.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\PhktdjT.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\sVYWucS.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\oOqkSQO.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\UPbZZAu.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\duDlkbQ.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\hlOKEFb.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\eyKUhlM.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\WMIfAwY.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\NanEcrK.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\NAsfRHq.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\buoznPQ.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\AIbtgwY.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\SsQNPKP.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\bxIKPSe.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\wqmdFfb.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\NPVhqLJ.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\jjyynTD.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\wVtPjXt.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\KTeQbkk.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\tZKEAxR.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\vnLiYsV.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\FSiCMqo.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\vQWcHTi.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\SXdwQaW.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\LHimmWO.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\NtmKxMe.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\KINOfRZ.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\iGGFeEO.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
File created	C:\Windows\System\rvcORPB.exe	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1060 wrote to memory of 404	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	82
PID 1060 wrote to memory of 404	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	82
PID 1060 wrote to memory of 2824	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	83
PID 1060 wrote to memory of 2824	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	83
PID 1060 wrote to memory of 1672	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	84
PID 1060 wrote to memory of 1672	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	84
PID 1060 wrote to memory of 1744	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	85
PID 1060 wrote to memory of 1744	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	85
PID 1060 wrote to memory of 3148	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	86
PID 1060 wrote to memory of 3148	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	86
PID 1060 wrote to memory of 3128	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	87
PID 1060 wrote to memory of 3128	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	87
PID 1060 wrote to memory of 4624	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	88
PID 1060 wrote to memory of 4624	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	88
PID 1060 wrote to memory of 212	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	89
PID 1060 wrote to memory of 212	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	89
PID 1060 wrote to memory of 1608	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	90
PID 1060 wrote to memory of 1608	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	90
PID 1060 wrote to memory of 3844	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	91
PID 1060 wrote to memory of 3844	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	91
PID 1060 wrote to memory of 4132	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	92
PID 1060 wrote to memory of 4132	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	92
PID 1060 wrote to memory of 2984	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	93
PID 1060 wrote to memory of 2984	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	93
PID 1060 wrote to memory of 884	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	94
PID 1060 wrote to memory of 884	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	94
PID 1060 wrote to memory of 1408	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	95
PID 1060 wrote to memory of 1408	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	95
PID 1060 wrote to memory of 3668	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	96
PID 1060 wrote to memory of 3668	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	96
PID 1060 wrote to memory of 3392	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	97
PID 1060 wrote to memory of 3392	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	97
PID 1060 wrote to memory of 2052	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	98
PID 1060 wrote to memory of 2052	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	98
PID 1060 wrote to memory of 3388	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	99
PID 1060 wrote to memory of 3388	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	99
PID 1060 wrote to memory of 3356	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	100
PID 1060 wrote to memory of 3356	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	100
PID 1060 wrote to memory of 3484	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	101
PID 1060 wrote to memory of 3484	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	101
PID 1060 wrote to memory of 3280	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	102
PID 1060 wrote to memory of 3280	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	102
PID 1060 wrote to memory of 3932	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	103
PID 1060 wrote to memory of 3932	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	103
PID 1060 wrote to memory of 2356	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	104
PID 1060 wrote to memory of 2356	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	104
PID 1060 wrote to memory of 5048	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	105
PID 1060 wrote to memory of 5048	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	105
PID 1060 wrote to memory of 3612	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	106
PID 1060 wrote to memory of 3612	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	106
PID 1060 wrote to memory of 3764	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	107
PID 1060 wrote to memory of 3764	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	107
PID 1060 wrote to memory of 4652	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	108
PID 1060 wrote to memory of 4652	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	108
PID 1060 wrote to memory of 1456	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	109
PID 1060 wrote to memory of 1456	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	109
PID 1060 wrote to memory of 1604	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	110
PID 1060 wrote to memory of 1604	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	110
PID 1060 wrote to memory of 4996	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	111
PID 1060 wrote to memory of 4996	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	111
PID 1060 wrote to memory of 3648	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	112
PID 1060 wrote to memory of 3648	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	112
PID 1060 wrote to memory of 1272	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	113
PID 1060 wrote to memory of 1272	1060	42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe	113

C:\Users\Admin\AppData\Local\Temp\42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\42efcc1a137958a3391aaeaf12a5416226994202f81deed5b838a66aebb24704_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1060
- C:\Windows\System\AJNIAal.exe
  C:\Windows\System\AJNIAal.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\FpvYVBZ.exe
  C:\Windows\System\FpvYVBZ.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\LSDLCLE.exe
  C:\Windows\System\LSDLCLE.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\SJHmdjJ.exe
  C:\Windows\System\SJHmdjJ.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\WnNVtbl.exe
  C:\Windows\System\WnNVtbl.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\HHMHRWq.exe
  C:\Windows\System\HHMHRWq.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\fJpdYdy.exe
  C:\Windows\System\fJpdYdy.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\woMeEZn.exe
  C:\Windows\System\woMeEZn.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\LHxsQIC.exe
  C:\Windows\System\LHxsQIC.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\SZuyzNr.exe
  C:\Windows\System\SZuyzNr.exe
  2⤵
  - Executes dropped EXE
  PID:3844
- C:\Windows\System\NAsfRHq.exe
  C:\Windows\System\NAsfRHq.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System\TyTVfZD.exe
  C:\Windows\System\TyTVfZD.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\KINOfRZ.exe
  C:\Windows\System\KINOfRZ.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\LQpJRUe.exe
  C:\Windows\System\LQpJRUe.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\lBnlpGM.exe
  C:\Windows\System\lBnlpGM.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\IRURKkd.exe
  C:\Windows\System\IRURKkd.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System\adhBCLJ.exe
  C:\Windows\System\adhBCLJ.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\SeRXQGM.exe
  C:\Windows\System\SeRXQGM.exe
  2⤵
  - Executes dropped EXE
  PID:3388
- C:\Windows\System\HKUkkSO.exe
  C:\Windows\System\HKUkkSO.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\KTeQbkk.exe
  C:\Windows\System\KTeQbkk.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\XKOWEFk.exe
  C:\Windows\System\XKOWEFk.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System\bxktuoY.exe
  C:\Windows\System\bxktuoY.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\KtJfbik.exe
  C:\Windows\System\KtJfbik.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\IusTsuD.exe
  C:\Windows\System\IusTsuD.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\EmnYtfc.exe
  C:\Windows\System\EmnYtfc.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\uwSuXsP.exe
  C:\Windows\System\uwSuXsP.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System\FdSXcSD.exe
  C:\Windows\System\FdSXcSD.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\ZEOHCHT.exe
  C:\Windows\System\ZEOHCHT.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\czfMzZK.exe
  C:\Windows\System\czfMzZK.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\NnxXxmH.exe
  C:\Windows\System\NnxXxmH.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\OzPYGpJ.exe
  C:\Windows\System\OzPYGpJ.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\eYZVSEk.exe
  C:\Windows\System\eYZVSEk.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\AphmAzF.exe
  C:\Windows\System\AphmAzF.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\xUIOfMZ.exe
  C:\Windows\System\xUIOfMZ.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\BVluYqt.exe
  C:\Windows\System\BVluYqt.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\ZXmFjsv.exe
  C:\Windows\System\ZXmFjsv.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\lUpnVph.exe
  C:\Windows\System\lUpnVph.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\DBQvgky.exe
  C:\Windows\System\DBQvgky.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\onmrLeW.exe
  C:\Windows\System\onmrLeW.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System\ZnPuFcs.exe
  C:\Windows\System\ZnPuFcs.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\jROCriV.exe
  C:\Windows\System\jROCriV.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\OIRHvJt.exe
  C:\Windows\System\OIRHvJt.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\BHmvJDf.exe
  C:\Windows\System\BHmvJDf.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\UqohEhe.exe
  C:\Windows\System\UqohEhe.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\Kmflrjr.exe
  C:\Windows\System\Kmflrjr.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\tiGzQEh.exe
  C:\Windows\System\tiGzQEh.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\GHntSRl.exe
  C:\Windows\System\GHntSRl.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\RxEvdwu.exe
  C:\Windows\System\RxEvdwu.exe
  2⤵
  - Executes dropped EXE
  PID:528
- C:\Windows\System\XuICYOO.exe
  C:\Windows\System\XuICYOO.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\wLIuNrk.exe
  C:\Windows\System\wLIuNrk.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\HkVGroK.exe
  C:\Windows\System\HkVGroK.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System\bnGrokq.exe
  C:\Windows\System\bnGrokq.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\buoznPQ.exe
  C:\Windows\System\buoznPQ.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System\UxGpncT.exe
  C:\Windows\System\UxGpncT.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\UThUdrj.exe
  C:\Windows\System\UThUdrj.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\vCtZATW.exe
  C:\Windows\System\vCtZATW.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\HHWyywL.exe
  C:\Windows\System\HHWyywL.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\neNiVyp.exe
  C:\Windows\System\neNiVyp.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\CbgFeMz.exe
  C:\Windows\System\CbgFeMz.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\SpdIktm.exe
  C:\Windows\System\SpdIktm.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\KPMNiZJ.exe
  C:\Windows\System\KPMNiZJ.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\hxNSOTJ.exe
  C:\Windows\System\hxNSOTJ.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\kfuEWSE.exe
  C:\Windows\System\kfuEWSE.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\gTqeYcC.exe
  C:\Windows\System\gTqeYcC.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\PlUMxSm.exe
  C:\Windows\System\PlUMxSm.exe
  2⤵
  PID:1040
- C:\Windows\System\LUhdcZM.exe
  C:\Windows\System\LUhdcZM.exe
  2⤵
  PID:776
- C:\Windows\System\rVExbaG.exe
  C:\Windows\System\rVExbaG.exe
  2⤵
  PID:1628
- C:\Windows\System\XlMvypX.exe
  C:\Windows\System\XlMvypX.exe
  2⤵
  PID:2604
- C:\Windows\System\EFyAMHc.exe
  C:\Windows\System\EFyAMHc.exe
  2⤵
  PID:2408
- C:\Windows\System\lYKXtTo.exe
  C:\Windows\System\lYKXtTo.exe
  2⤵
  PID:4848
- C:\Windows\System\SsQNPKP.exe
  C:\Windows\System\SsQNPKP.exe
  2⤵
  PID:3224
- C:\Windows\System\RxhQXDf.exe
  C:\Windows\System\RxhQXDf.exe
  2⤵
  PID:980
- C:\Windows\System\OpwhBCG.exe
  C:\Windows\System\OpwhBCG.exe
  2⤵
  PID:5036
- C:\Windows\System\duDlkbQ.exe
  C:\Windows\System\duDlkbQ.exe
  2⤵
  PID:3012
- C:\Windows\System\NiwSESu.exe
  C:\Windows\System\NiwSESu.exe
  2⤵
  PID:2240
- C:\Windows\System\udggNBE.exe
  C:\Windows\System\udggNBE.exe
  2⤵
  PID:1840
- C:\Windows\System\bVPVunM.exe
  C:\Windows\System\bVPVunM.exe
  2⤵
  PID:3260
- C:\Windows\System\jRmZRaa.exe
  C:\Windows\System\jRmZRaa.exe
  2⤵
  PID:3600
- C:\Windows\System\lHAMzLm.exe
  C:\Windows\System\lHAMzLm.exe
  2⤵
  PID:1912
- C:\Windows\System\IjKydrV.exe
  C:\Windows\System\IjKydrV.exe
  2⤵
  PID:3968
- C:\Windows\System\tPMFJpk.exe
  C:\Windows\System\tPMFJpk.exe
  2⤵
  PID:3984
- C:\Windows\System\OAlMAcz.exe
  C:\Windows\System\OAlMAcz.exe
  2⤵
  PID:2312
- C:\Windows\System\vdJyAlv.exe
  C:\Windows\System\vdJyAlv.exe
  2⤵
  PID:2060
- C:\Windows\System\hZuHQqf.exe
  C:\Windows\System\hZuHQqf.exe
  2⤵
  PID:3172
- C:\Windows\System\ZpdOCSG.exe
  C:\Windows\System\ZpdOCSG.exe
  2⤵
  PID:4340
- C:\Windows\System\JXReAig.exe
  C:\Windows\System\JXReAig.exe
  2⤵
  PID:4772
- C:\Windows\System\BiBGxuA.exe
  C:\Windows\System\BiBGxuA.exe
  2⤵
  PID:1016
- C:\Windows\System\YcgnceV.exe
  C:\Windows\System\YcgnceV.exe
  2⤵
  PID:3112
- C:\Windows\System\sGLeOIq.exe
  C:\Windows\System\sGLeOIq.exe
  2⤵
  PID:1520
- C:\Windows\System\wMtASNC.exe
  C:\Windows\System\wMtASNC.exe
  2⤵
  PID:2308
- C:\Windows\System\NCZwkUE.exe
  C:\Windows\System\NCZwkUE.exe
  2⤵
  PID:2108
- C:\Windows\System\ZYkQzCX.exe
  C:\Windows\System\ZYkQzCX.exe
  2⤵
  PID:1616
- C:\Windows\System\jtIpyxO.exe
  C:\Windows\System\jtIpyxO.exe
  2⤵
  PID:2828
- C:\Windows\System\mSqMgvy.exe
  C:\Windows\System\mSqMgvy.exe
  2⤵
  PID:3180
- C:\Windows\System\xbkMScx.exe
  C:\Windows\System\xbkMScx.exe
  2⤵
  PID:3876
- C:\Windows\System\CXkrpFA.exe
  C:\Windows\System\CXkrpFA.exe
  2⤵
  PID:5144
- C:\Windows\System\Bqehvdg.exe
  C:\Windows\System\Bqehvdg.exe
  2⤵
  PID:5172
- C:\Windows\System\SpQXpjr.exe
  C:\Windows\System\SpQXpjr.exe
  2⤵
  PID:5200
- C:\Windows\System\PFRxBoH.exe
  C:\Windows\System\PFRxBoH.exe
  2⤵
  PID:5228
- C:\Windows\System\DbpJCbk.exe
  C:\Windows\System\DbpJCbk.exe
  2⤵
  PID:5256
- C:\Windows\System\qSzZtRh.exe
  C:\Windows\System\qSzZtRh.exe
  2⤵
  PID:5284
- C:\Windows\System\FrDKrvO.exe
  C:\Windows\System\FrDKrvO.exe
  2⤵
  PID:5312
- C:\Windows\System\VpNtezQ.exe
  C:\Windows\System\VpNtezQ.exe
  2⤵
  PID:5340
- C:\Windows\System\xFilIZs.exe
  C:\Windows\System\xFilIZs.exe
  2⤵
  PID:5368
- C:\Windows\System\pKxAxwd.exe
  C:\Windows\System\pKxAxwd.exe
  2⤵
  PID:5396
- C:\Windows\System\dlOZykM.exe
  C:\Windows\System\dlOZykM.exe
  2⤵
  PID:5424
- C:\Windows\System\RIOxlel.exe
  C:\Windows\System\RIOxlel.exe
  2⤵
  PID:5452
- C:\Windows\System\SvpOyqb.exe
  C:\Windows\System\SvpOyqb.exe
  2⤵
  PID:5480
- C:\Windows\System\tNMllgO.exe
  C:\Windows\System\tNMllgO.exe
  2⤵
  PID:5508
- C:\Windows\System\tZKEAxR.exe
  C:\Windows\System\tZKEAxR.exe
  2⤵
  PID:5536
- C:\Windows\System\DaCsCQi.exe
  C:\Windows\System\DaCsCQi.exe
  2⤵
  PID:5564
- C:\Windows\System\NvezedM.exe
  C:\Windows\System\NvezedM.exe
  2⤵
  PID:5592
- C:\Windows\System\bBJetCo.exe
  C:\Windows\System\bBJetCo.exe
  2⤵
  PID:5620
- C:\Windows\System\GaecsZo.exe
  C:\Windows\System\GaecsZo.exe
  2⤵
  PID:5648
- C:\Windows\System\WMlMmOS.exe
  C:\Windows\System\WMlMmOS.exe
  2⤵
  PID:5676
- C:\Windows\System\OqjRjHf.exe
  C:\Windows\System\OqjRjHf.exe
  2⤵
  PID:5704
- C:\Windows\System\menpGwA.exe
  C:\Windows\System\menpGwA.exe
  2⤵
  PID:5732
- C:\Windows\System\yLNNIkF.exe
  C:\Windows\System\yLNNIkF.exe
  2⤵
  PID:5760
- C:\Windows\System\qfhcjrw.exe
  C:\Windows\System\qfhcjrw.exe
  2⤵
  PID:5788
- C:\Windows\System\BzfVbzP.exe
  C:\Windows\System\BzfVbzP.exe
  2⤵
  PID:5816
- C:\Windows\System\iGGFeEO.exe
  C:\Windows\System\iGGFeEO.exe
  2⤵
  PID:5844
- C:\Windows\System\hauatVG.exe
  C:\Windows\System\hauatVG.exe
  2⤵
  PID:5872
- C:\Windows\System\JzIRzXy.exe
  C:\Windows\System\JzIRzXy.exe
  2⤵
  PID:5900
- C:\Windows\System\hlOKEFb.exe
  C:\Windows\System\hlOKEFb.exe
  2⤵
  PID:5928
- C:\Windows\System\vnLiYsV.exe
  C:\Windows\System\vnLiYsV.exe
  2⤵
  PID:5956
- C:\Windows\System\ZbeVdDM.exe
  C:\Windows\System\ZbeVdDM.exe
  2⤵
  PID:5984
- C:\Windows\System\hbYIIOf.exe
  C:\Windows\System\hbYIIOf.exe
  2⤵
  PID:6012
- C:\Windows\System\FSiCMqo.exe
  C:\Windows\System\FSiCMqo.exe
  2⤵
  PID:6040
- C:\Windows\System\prTaOhA.exe
  C:\Windows\System\prTaOhA.exe
  2⤵
  PID:6068
- C:\Windows\System\pTQNdfa.exe
  C:\Windows\System\pTQNdfa.exe
  2⤵
  PID:6096
- C:\Windows\System\XrKdKDc.exe
  C:\Windows\System\XrKdKDc.exe
  2⤵
  PID:6124
- C:\Windows\System\SqRyjKv.exe
  C:\Windows\System\SqRyjKv.exe
  2⤵
  PID:2548
- C:\Windows\System\pfMcwca.exe
  C:\Windows\System\pfMcwca.exe
  2⤵
  PID:2996
- C:\Windows\System\xSndBzK.exe
  C:\Windows\System\xSndBzK.exe
  2⤵
  PID:1948
- C:\Windows\System\ChHoqHV.exe
  C:\Windows\System\ChHoqHV.exe
  2⤵
  PID:3140
- C:\Windows\System\nlDEdPD.exe
  C:\Windows\System\nlDEdPD.exe
  2⤵
  PID:432
- C:\Windows\System\vQWcHTi.exe
  C:\Windows\System\vQWcHTi.exe
  2⤵
  PID:5156
- C:\Windows\System\UuMpjPE.exe
  C:\Windows\System\UuMpjPE.exe
  2⤵
  PID:5240
- C:\Windows\System\VLNqdLy.exe
  C:\Windows\System\VLNqdLy.exe
  2⤵
  PID:5296
- C:\Windows\System\IMQiOiC.exe
  C:\Windows\System\IMQiOiC.exe
  2⤵
  PID:5356
- C:\Windows\System\URztDub.exe
  C:\Windows\System\URztDub.exe
  2⤵
  PID:5388
- C:\Windows\System\VTdohny.exe
  C:\Windows\System\VTdohny.exe
  2⤵
  PID:5464
- C:\Windows\System\rvcORPB.exe
  C:\Windows\System\rvcORPB.exe
  2⤵
  PID:5520
- C:\Windows\System\QpYwqVs.exe
  C:\Windows\System\QpYwqVs.exe
  2⤵
  PID:5584
- C:\Windows\System\yqCgICn.exe
  C:\Windows\System\yqCgICn.exe
  2⤵
  PID:5640
- C:\Windows\System\aUOKiRO.exe
  C:\Windows\System\aUOKiRO.exe
  2⤵
  PID:5716
- C:\Windows\System\zyIIJLT.exe
  C:\Windows\System\zyIIJLT.exe
  2⤵
  PID:5772
- C:\Windows\System\hasdqbD.exe
  C:\Windows\System\hasdqbD.exe
  2⤵
  PID:2652
- C:\Windows\System\oYQCOAw.exe
  C:\Windows\System\oYQCOAw.exe
  2⤵
  PID:5888
- C:\Windows\System\QmyVGNN.exe
  C:\Windows\System\QmyVGNN.exe
  2⤵
  PID:5968
- C:\Windows\System\bxIKPSe.exe
  C:\Windows\System\bxIKPSe.exe
  2⤵
  PID:6004
- C:\Windows\System\TPwIOlp.exe
  C:\Windows\System\TPwIOlp.exe
  2⤵
  PID:6084
- C:\Windows\System\ZUmfHgy.exe
  C:\Windows\System\ZUmfHgy.exe
  2⤵
  PID:6140
- C:\Windows\System\awbKKAk.exe
  C:\Windows\System\awbKKAk.exe
  2⤵
  PID:3920
- C:\Windows\System\kudCWQB.exe
  C:\Windows\System\kudCWQB.exe
  2⤵
  PID:3972
- C:\Windows\System\IzkYgCZ.exe
  C:\Windows\System\IzkYgCZ.exe
  2⤵
  PID:5248
- C:\Windows\System\qgGGQXC.exe
  C:\Windows\System\qgGGQXC.exe
  2⤵
  PID:5384
- C:\Windows\System\xPjsHrm.exe
  C:\Windows\System\xPjsHrm.exe
  2⤵
  PID:5552
- C:\Windows\System\XYvTWWK.exe
  C:\Windows\System\XYvTWWK.exe
  2⤵
  PID:5688
- C:\Windows\System\DFoNOUH.exe
  C:\Windows\System\DFoNOUH.exe
  2⤵
  PID:5804
- C:\Windows\System\vMfruvc.exe
  C:\Windows\System\vMfruvc.exe
  2⤵
  PID:1120
- C:\Windows\System\qqaYdgE.exe
  C:\Windows\System\qqaYdgE.exe
  2⤵
  PID:6056
- C:\Windows\System\xpKkXcg.exe
  C:\Windows\System\xpKkXcg.exe
  2⤵
  PID:1668
- C:\Windows\System\TRkDKmP.exe
  C:\Windows\System\TRkDKmP.exe
  2⤵
  PID:5192
- C:\Windows\System\YsqLKfx.exe
  C:\Windows\System\YsqLKfx.exe
  2⤵
  PID:5332
- C:\Windows\System\eyKUhlM.exe
  C:\Windows\System\eyKUhlM.exe
  2⤵
  PID:5744
- C:\Windows\System\tIPCinj.exe
  C:\Windows\System\tIPCinj.exe
  2⤵
  PID:3756
- C:\Windows\System\AIbtgwY.exe
  C:\Windows\System\AIbtgwY.exe
  2⤵
  PID:1384
- C:\Windows\System\dArZLty.exe
  C:\Windows\System\dArZLty.exe
  2⤵
  PID:6164
- C:\Windows\System\URZbuYF.exe
  C:\Windows\System\URZbuYF.exe
  2⤵
  PID:6192
- C:\Windows\System\SlQLnrN.exe
  C:\Windows\System\SlQLnrN.exe
  2⤵
  PID:6220
- C:\Windows\System\vxAZzyW.exe
  C:\Windows\System\vxAZzyW.exe
  2⤵
  PID:6248
- C:\Windows\System\UPuZtOE.exe
  C:\Windows\System\UPuZtOE.exe
  2⤵
  PID:6276
- C:\Windows\System\SXdwQaW.exe
  C:\Windows\System\SXdwQaW.exe
  2⤵
  PID:6304
- C:\Windows\System\fXXuSSo.exe
  C:\Windows\System\fXXuSSo.exe
  2⤵
  PID:6332
- C:\Windows\System\xoVrAXl.exe
  C:\Windows\System\xoVrAXl.exe
  2⤵
  PID:6360
- C:\Windows\System\RxRImZG.exe
  C:\Windows\System\RxRImZG.exe
  2⤵
  PID:6388
- C:\Windows\System\NtmKxMe.exe
  C:\Windows\System\NtmKxMe.exe
  2⤵
  PID:6440
- C:\Windows\System\sEmLajy.exe
  C:\Windows\System\sEmLajy.exe
  2⤵
  PID:6476
- C:\Windows\System\kgjXTOO.exe
  C:\Windows\System\kgjXTOO.exe
  2⤵
  PID:6516
- C:\Windows\System\koLYHjU.exe
  C:\Windows\System\koLYHjU.exe
  2⤵
  PID:6544
- C:\Windows\System\WMIfAwY.exe
  C:\Windows\System\WMIfAwY.exe
  2⤵
  PID:6572
- C:\Windows\System\mBEmOCm.exe
  C:\Windows\System\mBEmOCm.exe
  2⤵
  PID:6600
- C:\Windows\System\TruedIL.exe
  C:\Windows\System\TruedIL.exe
  2⤵
  PID:6628
- C:\Windows\System\quAEPML.exe
  C:\Windows\System\quAEPML.exe
  2⤵
  PID:6660
- C:\Windows\System\TVcmHdp.exe
  C:\Windows\System\TVcmHdp.exe
  2⤵
  PID:6692
- C:\Windows\System\NPVhqLJ.exe
  C:\Windows\System\NPVhqLJ.exe
  2⤵
  PID:6716
- C:\Windows\System\auqDxQR.exe
  C:\Windows\System\auqDxQR.exe
  2⤵
  PID:6740
- C:\Windows\System\obzLhBY.exe
  C:\Windows\System\obzLhBY.exe
  2⤵
  PID:6768
- C:\Windows\System\PjiStGQ.exe
  C:\Windows\System\PjiStGQ.exe
  2⤵
  PID:6804
- C:\Windows\System\vyuqaTb.exe
  C:\Windows\System\vyuqaTb.exe
  2⤵
  PID:6828
- C:\Windows\System\SFeLeyF.exe
  C:\Windows\System\SFeLeyF.exe
  2⤵
  PID:6852
- C:\Windows\System\gKNvbVq.exe
  C:\Windows\System\gKNvbVq.exe
  2⤵
  PID:6880
- C:\Windows\System\kZYntnj.exe
  C:\Windows\System\kZYntnj.exe
  2⤵
  PID:6908
- C:\Windows\System\XQWUvGp.exe
  C:\Windows\System\XQWUvGp.exe
  2⤵
  PID:6936
- C:\Windows\System\rgBUFvw.exe
  C:\Windows\System\rgBUFvw.exe
  2⤵
  PID:6964
- C:\Windows\System\DdYhzir.exe
  C:\Windows\System\DdYhzir.exe
  2⤵
  PID:6996
- C:\Windows\System\DqviSHu.exe
  C:\Windows\System\DqviSHu.exe
  2⤵
  PID:7024
- C:\Windows\System\FHUOhLM.exe
  C:\Windows\System\FHUOhLM.exe
  2⤵
  PID:7052
- C:\Windows\System\dNqMJEa.exe
  C:\Windows\System\dNqMJEa.exe
  2⤵
  PID:7076
- C:\Windows\System\eFzrlcw.exe
  C:\Windows\System\eFzrlcw.exe
  2⤵
  PID:7104
- C:\Windows\System\nKfepEj.exe
  C:\Windows\System\nKfepEj.exe
  2⤵
  PID:7132
- C:\Windows\System\ignXApc.exe
  C:\Windows\System\ignXApc.exe
  2⤵
  PID:7160
- C:\Windows\System\wSvzsKF.exe
  C:\Windows\System\wSvzsKF.exe
  2⤵
  PID:3060
- C:\Windows\System\RtjNijY.exe
  C:\Windows\System\RtjNijY.exe
  2⤵
  PID:1684
- C:\Windows\System\aAIZukI.exe
  C:\Windows\System\aAIZukI.exe
  2⤵
  PID:6152
- C:\Windows\System\LtnzbQN.exe
  C:\Windows\System\LtnzbQN.exe
  2⤵
  PID:4780
- C:\Windows\System\AmcrCUT.exe
  C:\Windows\System\AmcrCUT.exe
  2⤵
  PID:2844
- C:\Windows\System\xDQaffx.exe
  C:\Windows\System\xDQaffx.exe
  2⤵
  PID:6296
- C:\Windows\System\qRdoVPb.exe
  C:\Windows\System\qRdoVPb.exe
  2⤵
  PID:2444
- C:\Windows\System\nIMvJWX.exe
  C:\Windows\System\nIMvJWX.exe
  2⤵
  PID:5080
- C:\Windows\System\DAuOrko.exe
  C:\Windows\System\DAuOrko.exe
  2⤵
  PID:6424
- C:\Windows\System\yPJbFYE.exe
  C:\Windows\System\yPJbFYE.exe
  2⤵
  PID:6496
- C:\Windows\System\pMKrZbv.exe
  C:\Windows\System\pMKrZbv.exe
  2⤵
  PID:4880
- C:\Windows\System\qKzeiZw.exe
  C:\Windows\System\qKzeiZw.exe
  2⤵
  PID:2476
- C:\Windows\System\nlNRHRt.exe
  C:\Windows\System\nlNRHRt.exe
  2⤵
  PID:5072
- C:\Windows\System\ZkUXQIP.exe
  C:\Windows\System\ZkUXQIP.exe
  2⤵
  PID:4940
- C:\Windows\System\MDlZVFZ.exe
  C:\Windows\System\MDlZVFZ.exe
  2⤵
  PID:672
- C:\Windows\System\wqGtvpd.exe
  C:\Windows\System\wqGtvpd.exe
  2⤵
  PID:3080
- C:\Windows\System\gzIeAVj.exe
  C:\Windows\System\gzIeAVj.exe
  2⤵
  PID:4676
- C:\Windows\System\xlhTDKY.exe
  C:\Windows\System\xlhTDKY.exe
  2⤵
  PID:6624
- C:\Windows\System\eKKzeOz.exe
  C:\Windows\System\eKKzeOz.exe
  2⤵
  PID:6700
- C:\Windows\System\LYeZOQN.exe
  C:\Windows\System\LYeZOQN.exe
  2⤵
  PID:6764
- C:\Windows\System\hoEkZUV.exe
  C:\Windows\System\hoEkZUV.exe
  2⤵
  PID:6820
- C:\Windows\System\MRqXhgu.exe
  C:\Windows\System\MRqXhgu.exe
  2⤵
  PID:6892
- C:\Windows\System\eSQKgqB.exe
  C:\Windows\System\eSQKgqB.exe
  2⤵
  PID:6956
- C:\Windows\System\XEUMvBh.exe
  C:\Windows\System\XEUMvBh.exe
  2⤵
  PID:7012
- C:\Windows\System\VIVRxdS.exe
  C:\Windows\System\VIVRxdS.exe
  2⤵
  PID:7096
- C:\Windows\System\SyeSySv.exe
  C:\Windows\System\SyeSySv.exe
  2⤵
  PID:7152
- C:\Windows\System\NanEcrK.exe
  C:\Windows\System\NanEcrK.exe
  2⤵
  PID:6148
- C:\Windows\System\PhktdjT.exe
  C:\Windows\System\PhktdjT.exe
  2⤵
  PID:6260
- C:\Windows\System\wtNlTsK.exe
  C:\Windows\System\wtNlTsK.exe
  2⤵
  PID:4604
- C:\Windows\System\TooBhlE.exe
  C:\Windows\System\TooBhlE.exe
  2⤵
  PID:6436
- C:\Windows\System\rNomELa.exe
  C:\Windows\System\rNomELa.exe
  2⤵
  PID:6508
- C:\Windows\System\yOOqnul.exe
  C:\Windows\System\yOOqnul.exe
  2⤵
  PID:6556
- C:\Windows\System\qanDdqJ.exe
  C:\Windows\System\qanDdqJ.exe
  2⤵
  PID:2928
- C:\Windows\System\XoqavWR.exe
  C:\Windows\System\XoqavWR.exe
  2⤵
  PID:6680
- C:\Windows\System\BKLatjQ.exe
  C:\Windows\System\BKLatjQ.exe
  2⤵
  PID:6816
- C:\Windows\System\sVYWucS.exe
  C:\Windows\System\sVYWucS.exe
  2⤵
  PID:6984
- C:\Windows\System\xtxkNnl.exe
  C:\Windows\System\xtxkNnl.exe
  2⤵
  PID:7128
- C:\Windows\System\CfgyoYe.exe
  C:\Windows\System\CfgyoYe.exe
  2⤵
  PID:6240
- C:\Windows\System\PHLJstn.exe
  C:\Windows\System\PHLJstn.exe
  2⤵
  PID:4788
- C:\Windows\System\CTlqdEh.exe
  C:\Windows\System\CTlqdEh.exe
  2⤵
  PID:6592
- C:\Windows\System\zeufnVp.exe
  C:\Windows\System\zeufnVp.exe
  2⤵
  PID:6812
- C:\Windows\System\LbUviES.exe
  C:\Windows\System\LbUviES.exe
  2⤵
  PID:3820
- C:\Windows\System\RyhERcB.exe
  C:\Windows\System\RyhERcB.exe
  2⤵
  PID:332
- C:\Windows\System\xohSMKZ.exe
  C:\Windows\System\xohSMKZ.exe
  2⤵
  PID:6428
- C:\Windows\System\hLODwLW.exe
  C:\Windows\System\hLODwLW.exe
  2⤵
  PID:7116
- C:\Windows\System\VdChgEM.exe
  C:\Windows\System\VdChgEM.exe
  2⤵
  PID:7192
- C:\Windows\System\VEKXqCj.exe
  C:\Windows\System\VEKXqCj.exe
  2⤵
  PID:7224
- C:\Windows\System\JyuSYmP.exe
  C:\Windows\System\JyuSYmP.exe
  2⤵
  PID:7248
- C:\Windows\System\eJeSeLA.exe
  C:\Windows\System\eJeSeLA.exe
  2⤵
  PID:7276
- C:\Windows\System\hXpFYXG.exe
  C:\Windows\System\hXpFYXG.exe
  2⤵
  PID:7304
- C:\Windows\System\TQJGwWC.exe
  C:\Windows\System\TQJGwWC.exe
  2⤵
  PID:7332
- C:\Windows\System\kOaPYGo.exe
  C:\Windows\System\kOaPYGo.exe
  2⤵
  PID:7360
- C:\Windows\System\HPPsCnA.exe
  C:\Windows\System\HPPsCnA.exe
  2⤵
  PID:7388
- C:\Windows\System\ugGjAAu.exe
  C:\Windows\System\ugGjAAu.exe
  2⤵
  PID:7416
- C:\Windows\System\KzhBOUT.exe
  C:\Windows\System\KzhBOUT.exe
  2⤵
  PID:7444
- C:\Windows\System\UqXtLaQ.exe
  C:\Windows\System\UqXtLaQ.exe
  2⤵
  PID:7472
- C:\Windows\System\yYgZLYC.exe
  C:\Windows\System\yYgZLYC.exe
  2⤵
  PID:7500
- C:\Windows\System\hGkWoWP.exe
  C:\Windows\System\hGkWoWP.exe
  2⤵
  PID:7528
- C:\Windows\System\jjyynTD.exe
  C:\Windows\System\jjyynTD.exe
  2⤵
  PID:7556
- C:\Windows\System\qrVyxHl.exe
  C:\Windows\System\qrVyxHl.exe
  2⤵
  PID:7584
- C:\Windows\System\rlrALsY.exe
  C:\Windows\System\rlrALsY.exe
  2⤵
  PID:7612
- C:\Windows\System\PEIjHZH.exe
  C:\Windows\System\PEIjHZH.exe
  2⤵
  PID:7640
- C:\Windows\System\mmzPgTB.exe
  C:\Windows\System\mmzPgTB.exe
  2⤵
  PID:7668
- C:\Windows\System\bsKEogV.exe
  C:\Windows\System\bsKEogV.exe
  2⤵
  PID:7696
- C:\Windows\System\OBlquCm.exe
  C:\Windows\System\OBlquCm.exe
  2⤵
  PID:7724
- C:\Windows\System\KFRCDqh.exe
  C:\Windows\System\KFRCDqh.exe
  2⤵
  PID:7752
- C:\Windows\System\oOqkSQO.exe
  C:\Windows\System\oOqkSQO.exe
  2⤵
  PID:7780
- C:\Windows\System\NMKWhnf.exe
  C:\Windows\System\NMKWhnf.exe
  2⤵
  PID:7808
- C:\Windows\System\kDFCows.exe
  C:\Windows\System\kDFCows.exe
  2⤵
  PID:7836
- C:\Windows\System\ChpHzoP.exe
  C:\Windows\System\ChpHzoP.exe
  2⤵
  PID:7864
- C:\Windows\System\PxwgnKE.exe
  C:\Windows\System\PxwgnKE.exe
  2⤵
  PID:7892
- C:\Windows\System\wVtPjXt.exe
  C:\Windows\System\wVtPjXt.exe
  2⤵
  PID:7920
- C:\Windows\System\UPbZZAu.exe
  C:\Windows\System\UPbZZAu.exe
  2⤵
  PID:7948
- C:\Windows\System\ZxKcpeM.exe
  C:\Windows\System\ZxKcpeM.exe
  2⤵
  PID:7976
- C:\Windows\System\VatzsgG.exe
  C:\Windows\System\VatzsgG.exe
  2⤵
  PID:8004
- C:\Windows\System\HMYsYMc.exe
  C:\Windows\System\HMYsYMc.exe
  2⤵
  PID:8032
- C:\Windows\System\XekeCqA.exe
  C:\Windows\System\XekeCqA.exe
  2⤵
  PID:8060
- C:\Windows\System\TBOuBrx.exe
  C:\Windows\System\TBOuBrx.exe
  2⤵
  PID:8088
- C:\Windows\System\eiYRSgR.exe
  C:\Windows\System\eiYRSgR.exe
  2⤵
  PID:8116
- C:\Windows\System\ARNxlIJ.exe
  C:\Windows\System\ARNxlIJ.exe
  2⤵
  PID:8144
- C:\Windows\System\zMDPJzP.exe
  C:\Windows\System\zMDPJzP.exe
  2⤵
  PID:8172
- C:\Windows\System\UnZpNvZ.exe
  C:\Windows\System\UnZpNvZ.exe
  2⤵
  PID:7188
- C:\Windows\System\tyFMWtl.exe
  C:\Windows\System\tyFMWtl.exe
  2⤵
  PID:7260
- C:\Windows\System\VwJdHmI.exe
  C:\Windows\System\VwJdHmI.exe
  2⤵
  PID:7324
- C:\Windows\System\OlGbOuK.exe
  C:\Windows\System\OlGbOuK.exe
  2⤵
  PID:7408
- C:\Windows\System\XzEGEsQ.exe
  C:\Windows\System\XzEGEsQ.exe
  2⤵
  PID:7456
- C:\Windows\System\fmwooWU.exe
  C:\Windows\System\fmwooWU.exe
  2⤵
  PID:7520
- C:\Windows\System\mEDFOQA.exe
  C:\Windows\System\mEDFOQA.exe
  2⤵
  PID:7576
- C:\Windows\System\xVuZxzH.exe
  C:\Windows\System\xVuZxzH.exe
  2⤵
  PID:7652
- C:\Windows\System\zbLxsPF.exe
  C:\Windows\System\zbLxsPF.exe
  2⤵
  PID:7716
- C:\Windows\System\eEQjnoF.exe
  C:\Windows\System\eEQjnoF.exe
  2⤵
  PID:7776
- C:\Windows\System\fkwWZbs.exe
  C:\Windows\System\fkwWZbs.exe
  2⤵
  PID:7848
- C:\Windows\System\wDItNmU.exe
  C:\Windows\System\wDItNmU.exe
  2⤵
  PID:7912
- C:\Windows\System\TJsHfGE.exe
  C:\Windows\System\TJsHfGE.exe
  2⤵
  PID:7972
- C:\Windows\System\rFdyFyG.exe
  C:\Windows\System\rFdyFyG.exe
  2⤵
  PID:8048
- C:\Windows\System\LCyxtvQ.exe
  C:\Windows\System\LCyxtvQ.exe
  2⤵
  PID:8108
- C:\Windows\System\wsYDzVC.exe
  C:\Windows\System\wsYDzVC.exe
  2⤵
  PID:8168
- C:\Windows\System\eGqfPbd.exe
  C:\Windows\System\eGqfPbd.exe
  2⤵
  PID:7288
- C:\Windows\System\rbhPJvX.exe
  C:\Windows\System\rbhPJvX.exe
  2⤵
  PID:7436
- C:\Windows\System\nuABLNu.exe
  C:\Windows\System\nuABLNu.exe
  2⤵
  PID:7600
- C:\Windows\System\VGmmTwA.exe
  C:\Windows\System\VGmmTwA.exe
  2⤵
  PID:7744
- C:\Windows\System\wqmdFfb.exe
  C:\Windows\System\wqmdFfb.exe
  2⤵
  PID:7888
- C:\Windows\System\WFtEJrr.exe
  C:\Windows\System\WFtEJrr.exe
  2⤵
  PID:8028
- C:\Windows\System\xuIqWAb.exe
  C:\Windows\System\xuIqWAb.exe
  2⤵
  PID:7184
- C:\Windows\System\BnYtujS.exe
  C:\Windows\System\BnYtujS.exe
  2⤵
  PID:7552
- C:\Windows\System\WdrCAGL.exe
  C:\Windows\System\WdrCAGL.exe
  2⤵
  PID:7876
- C:\Windows\System\FNarabn.exe
  C:\Windows\System\FNarabn.exe
  2⤵
  PID:7380
- C:\Windows\System\NuTynoV.exe
  C:\Windows\System\NuTynoV.exe
  2⤵
  PID:8156
- C:\Windows\System\TKjdSvF.exe
  C:\Windows\System\TKjdSvF.exe
  2⤵
  PID:8200
- C:\Windows\System\WUHJljX.exe
  C:\Windows\System\WUHJljX.exe
  2⤵
  PID:8228
- C:\Windows\System\cnetdWZ.exe
  C:\Windows\System\cnetdWZ.exe
  2⤵
  PID:8256
- C:\Windows\System\AqxIPdH.exe
  C:\Windows\System\AqxIPdH.exe
  2⤵
  PID:8284
- C:\Windows\System\UNkkzRs.exe
  C:\Windows\System\UNkkzRs.exe
  2⤵
  PID:8312
- C:\Windows\System\qSoMUTf.exe
  C:\Windows\System\qSoMUTf.exe
  2⤵
  PID:8340
- C:\Windows\System\lvHtnRY.exe
  C:\Windows\System\lvHtnRY.exe
  2⤵
  PID:8368
- C:\Windows\System\LHimmWO.exe
  C:\Windows\System\LHimmWO.exe
  2⤵
  PID:8396
- C:\Windows\System\coeWQOH.exe
  C:\Windows\System\coeWQOH.exe
  2⤵
  PID:8424
- C:\Windows\System\OiWZZCv.exe
  C:\Windows\System\OiWZZCv.exe
  2⤵
  PID:8452
- C:\Windows\System\phgDGuC.exe
  C:\Windows\System\phgDGuC.exe
  2⤵
  PID:8480
- C:\Windows\System\cGBCAAL.exe
  C:\Windows\System\cGBCAAL.exe
  2⤵
  PID:8516
- C:\Windows\System\LGegwop.exe
  C:\Windows\System\LGegwop.exe
  2⤵
  PID:8536
- C:\Windows\System\qTBYrUO.exe
  C:\Windows\System\qTBYrUO.exe
  2⤵
  PID:8564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AJNIAal.exe

Filesize
2.1MB

MD5
489ce051adbe4a2ca000c8122aabea91

SHA1
4e6d8c7c29195dd90d4a1c219df1c391e155a232

SHA256
5d0154eafbcc392f0a72bc2886762c99aa485b15cdf48163e103eb6cb9c8f161

SHA512
f0144544a0f63fd00d37e7e9c77a59518ed1bb96321e2a57c2369aa94032a506d3ee50293c532dec19e5d4fbf6c20fc2887b66fe4ac689c90b9759869e75779d

Download Submit
C:\Windows\System\EmnYtfc.exe

Filesize
2.1MB

MD5
78789270afb3fc63907f2741afe36d2a

SHA1
747d648f1f931a2422a43e71aa97f2221415e6f1

SHA256
43a7dddb352357616e94aa334b82253c3fc22120d24c0a4292b25347084a8e9c

SHA512
55cc77635cbdd6fc2f3dd53bef3f4564bc1696dc520c9a073fbdc995145b97c0e1a84daeb36a60061b1903e54d72d8e73c350d49c0d344d0218fe82b92d924ce

Download Submit
C:\Windows\System\FdSXcSD.exe

Filesize
2.1MB

MD5
38200c3c789e383c3fbb7de0210e8815

SHA1
ac950c140685d83ff26cc55c8e87cda80bd297db

SHA256
373f7734e2c3f9f91440c0a13407fb96b6df64b42a308fa159e2211bd09f37d3

SHA512
f71b929a404597282041ef945907f53e2917e4ea710af164431b8282746656a788ce6b30a46bcafd01903beb62a4219ee81494c35f93e1331c5bb4aa391b1598

Download Submit
C:\Windows\System\FpvYVBZ.exe

Filesize
2.1MB

MD5
f682f32dd5e72dcb8a6da1023947e804

SHA1
d7c8db7e880d3505f182053f2b0bf6e8dc6df991

SHA256
62f873e630893e0930cd90f651ece97f488929e3b07a24e63e869778e9d8f020

SHA512
c8faec599f66da8708333a12f65bca7eb90b5b5dfdcd81df24584466afc153f3fb0b82b3bcb0ed29b862e85d37a047fec36bfe8a0fc669d1215bb47792ba7992

Download Submit
C:\Windows\System\HHMHRWq.exe

Filesize
2.1MB

MD5
8dec528eb8c938d683ba8b45f6b41933

SHA1
3554da7f109a8af6751f4bd7e0760445a2bb1a4a

SHA256
ad53c2cd92bb9fe1ff39111a7fb5a874f54919e1210bde094d14bfbf5f5e773d

SHA512
de16e9cae697b7a0ccb4ccedc80176644a13aa3c6dcf5ab97af10febe31dbc803edde4347c0fa3b15af84653eceaefaea11b6f699d2083e778b097bd6f1cceac

Download Submit
C:\Windows\System\HKUkkSO.exe

Filesize
2.1MB

MD5
b15b509f75f34c02180077644cad1f94

SHA1
c96fce6221d8e9c811956d80032387317a7d0a0d

SHA256
281c5b0bbf05489824ad3f20096f77fcdaa801c7465e9da65267952c3614e491

SHA512
607bf73e223edbe813152e6d296c82583eee8022fcc68197f67878a680ea5a8056bae0e4585b82af92f615dd2a5d610aaeb63d1feb4c854c7db7d9ee11919244

Download Submit
C:\Windows\System\IRURKkd.exe

Filesize
2.1MB

MD5
9036692b06bb1c86a1ea6c64a24da540

SHA1
846546466af5510c3f26afa83b49ad52f121a167

SHA256
1ad5218136f9f791d3efa1bb5014d82bb03e9e0576e70dfaf9a15485b9f92cf5

SHA512
23ad33fca61fca5c0b20d013c0f21be59325d13164d7d767021306f6606f1adf1cb849b782b7400704fc8dc54b753d5616c992cd66b98d45a47e21222f94c883

Download Submit
C:\Windows\System\IusTsuD.exe

Filesize
2.1MB

MD5
d77dfd19535ebcd489b844fab6519dd1

SHA1
d736886458b1180ea287e1a60554adb2da49a4a2

SHA256
25ee3fffa299a68ee12958a91308dac3a532ddcd9cdbafa32290fac24c4ba5b6

SHA512
7f0ba328977592db28458930e3183b721877286040992de09fd359852904ef9f42308732e1ebc782662efd8b6c3f2a8c800101b5b0e0e7e812752dc9b2abccad

Download Submit
C:\Windows\System\KINOfRZ.exe

Filesize
2.1MB

MD5
d8695fcf8edb8a5c776bee921b6a29d9

SHA1
5a703e88ac909274ba3afbb868ed67af23e4b272

SHA256
68340496af010d3d0afdfb53f98662947dadc002450d0e9cf9045f923aaded63

SHA512
0041edf5a956425e8e350df3d8d04dc89b7cf5fdcec8ab8af4923c5a66562b4d050c8d946c69572bf0b3e5b117e721b25dd4bcf767a4906fad48499fb2e77764

Download Submit
C:\Windows\System\KTeQbkk.exe

Filesize
2.1MB

MD5
5b5d7a40acdcf04ffd13cc183ec4409f

SHA1
30a30358831388029338f920795af568888833c0

SHA256
f00750bae0fe3fe4b8b0da6e2c72663db6809df9b1bb51760316019b027f980d

SHA512
eed7cfb5ea44813e09a6ff194550b9d2efc494a33a2b959046e1c2f6b5c9841cf60e38fe7279685e1824e3ce463bb11fe0a07bc43a1c1e4282dbc09d9d68192c

Download Submit
C:\Windows\System\KtJfbik.exe

Filesize
2.1MB

MD5
cbbc53c1af7650284826cc0076cc6ef1

SHA1
f4c3764c0a0a9d5c6f4408e16d70abd8435d8e65

SHA256
d23a97215f77732253fd160733660a4e27cf392e41fcbf0c29115c0ada83a2df

SHA512
5bb33a3f0065e9e629b2c9d4ad85ca1c53103300b233ea76a30c5b1d67f410710055c5fd4b008d3347fcb86b0394bbcf794d4e44e44ea82a98e34085f9d36124

Download Submit
C:\Windows\System\LHxsQIC.exe

Filesize
2.1MB

MD5
cda47d619d4d25347b14bf6acc0ab283

SHA1
b8f81dca3a05e5fa597b6695a2fd73b6e8313945

SHA256
1f58ea600ae5c8467a84d7da88e1b022a210fe49e0df46df2a076e4059afbd68

SHA512
e007e0238a5b43624f84880dfd28f5dc997a71c15227db3e283a167338d814ad8f13cf9815e2246bd57eb50e7a48f763b40f6266c99b06ea385c0ed38d899cd0

Download Submit
C:\Windows\System\LQpJRUe.exe

Filesize
2.1MB

MD5
b13164f628eeda86a40fd8d2970f8503

SHA1
98f55554f27ec5d74c0adc4c974b897445f2fd54

SHA256
3e5497884b8e1788d4331f4d3e2c8b4e955e5cbd7163257d8cd5f8620259567d

SHA512
9e7b1fd36f07d9872890e45c1cdc140dcccb05c2966b3a65c9de60961110e54c14bed4f85e6464ddae45b64a7ce55d06da403c726c79422cd50e8c2cc4893113

Download Submit
C:\Windows\System\LSDLCLE.exe

Filesize
2.1MB

MD5
eaac0b9ce7af0584e1c9a72abc177abf

SHA1
62c3a728e77a6964fec912bf055f3948908b38c0

SHA256
fc86227982ef0a266bb5fffd3e122070e3624aff3e664c7dccc20a186e058d5c

SHA512
c5e2caa80ce0a4bd118f4f2d334ad002de9471b9e353ad365e2f690a6b7d15250388086a41525cc09f1536f0fa812b4096ba042ceb98fbe62b3971e853a32266

Download Submit
C:\Windows\System\NAsfRHq.exe

Filesize
2.1MB

MD5
3da9055676797f36ff30e44b57aea239

SHA1
a5d2e3fd334807d5a15810382dfe818b6ff7a80c

SHA256
f770af2f5a94cea523613dbf1bbc63f9c3de750a4be58f06d21a4adf3f005efc

SHA512
9ef15ea3bc86a4a6eeb966d0044c7f3b4d2e51d2810eb58a2d526b68aff5017842309471e26b17ecdb4a44ddf6bec9b57f39a9099c6c587db97d6abb0845bc28

Download Submit
C:\Windows\System\NnxXxmH.exe

Filesize
2.1MB

MD5
555fa72c1c4691aa8aeb08225d5822d9

SHA1
d146cebbf887f2dd63626f177d99cad3182e3d08

SHA256
e830855bbbf3a1e17dae49771e0b9afc110d6c9548d015449ff62e7e8f06563f

SHA512
0c2c9abf737c44276889d362363cb261faabbf2a7a1f3f69c30cdf82b4eae7d56a7b7e057dae52ed9729f4c7e7a8836182d92ab0a4fe1612b481e5cf86963ba2

Download Submit
C:\Windows\System\OzPYGpJ.exe

Filesize
2.1MB

MD5
3f47397eaeb622d5204e6672eb694555

SHA1
701491d0ba09b7b640aa93527a9c4b90e92404a4

SHA256
2d0a224ff017ba0e1358d26e5bcf0317336b6b4064c561191349c23e314fe774

SHA512
b5f0787021303a6a869be0899fd9a365f97a69f93e59e5efd74aaf1c81b323412e1e2a6930f2c22e968e683de6f55990c138e96e907671860681364965a9270c

Download Submit
C:\Windows\System\SJHmdjJ.exe

Filesize
2.1MB

MD5
59072c144c5d3bd7add668db5cf6d089

SHA1
4cc0842f9fa653d26ef81eaddded7c402106d22c

SHA256
858fa879f864172230b3a1d92d9fe68c35bdb095a5a9a0a6c6a6873edd2ee627

SHA512
6e516480c518fac8892e470c24d06d8d1c5278f4e78ad1c7945ca7a31b3e725beb622964b0c752478c88b3ab92ee487b379c930aec8c7a0126590da45b00781b

Download Submit
C:\Windows\System\SZuyzNr.exe

Filesize
2.1MB

MD5
1afba8f75b5790b7def3ead221d8d87b

SHA1
1eda510f8e61e412431a4b6459025afd26e08dfb

SHA256
bb33d6acf95615e69c2c6c20109aa708aaf7ad87a57bb7d47314df7ba47689d1

SHA512
b48c480e781087886500af138ca8ea734945769901abe0e8ed3b1c058f1edea0adfa9599695198b101db2e488652c603d5dcb66fb4fceed5a51347a1ac222d87

Download Submit
C:\Windows\System\SeRXQGM.exe

Filesize
2.1MB

MD5
087106a1813c0793c71883024a81016c

SHA1
cf7672d36a41aaccf0d03dae8348d7e25a605627

SHA256
b8e5302b9b124a510b8106ab883f28e3c54697f73fc439751e9140fd5f597f70

SHA512
13f88bf926958232176fbac62ecb1b018a0872d22c682c396bcf48bcdfb0a6cebd7a251da2c683ed66c4840ce2707a321a0f5d7118b10d998f99e9a995b93b90

Download Submit
C:\Windows\System\TyTVfZD.exe

Filesize
2.1MB

MD5
20901c5df4ede78d55c41f28c74e7aae

SHA1
8b78df26e1f7680f942da69baa7101f40ebfd3f2

SHA256
72d3a5ff96726548a4069f139eee27a609c446ca3980dc2e2027af0eef67ada8

SHA512
4befd438dc1a0ae79a17e6731e660552d697f2e1051b81c9e62d69f39d50dfe73c4e5c24d52578f7722fee257ae483b109dcf9422b62fad5c3e00d73ea155522

Download Submit
C:\Windows\System\WnNVtbl.exe

Filesize
2.1MB

MD5
f25fb3025201118cabf3c05350dc313e

SHA1
0badf17c23bd83832930820ba41fad643ad1f56e

SHA256
aaece37154d58425950513b84d0dc611e5ab4aa32ffeff724a465335c0db183b

SHA512
aa1341f4214420d64feda7d61a69f4b76ac4a7ef20f727465c4188cb11db87dc239ea0488a6438eeed2d354a5eddf7415889859ff4a180c6406d63360c6bfeb4

Download Submit
C:\Windows\System\XKOWEFk.exe

Filesize
2.1MB

MD5
7aff739eacd6e40fc1ac475cbac26031

SHA1
e4ebca9bff8f6d18656c8a8781f105bdffcb13fb

SHA256
1c506c5548d151052682f4e240b292aa50e1050684cca71d053bbd7069de0afc

SHA512
a4a038ce07b722b5182bdb9be8a696eab9ec4e78a655939d46e1c34b40818dd0cf17a0b0ac2affdcb63454b50b5bbdbbc275e6b6fe418c6ef891c62731af8802

Download Submit
C:\Windows\System\ZEOHCHT.exe

Filesize
2.1MB

MD5
28ede258f72f0628530d0b7256cb785a

SHA1
d0bd246f21f82bc3f4db36adac9c4525499249e4

SHA256
f066104e92ee9492d4ab95d124497a819193d18c467dca324a65893ea11be658

SHA512
57026b7f6215ea81e36544fd472862ddbc53476e81e58f3bb767b9451b628c6bbcdd17b283459880dae2f54d1e8bc219421ecf0272aa6d964d08fbd65743d951

Download Submit
C:\Windows\System\adhBCLJ.exe

Filesize
2.1MB

MD5
57ee960b985b201570cda6c17fc28f95

SHA1
336e8832167b49b7538b26dfe18b3666cccd0809

SHA256
02f418868b35ed01df7f87eb09ddb1b606c69e6bd3401b2521adc4ca22d3e81d

SHA512
95efd6dc567495ab17bafb7e9254b07b47df4e47e2fad1a631b83cc363480c6a81dc56686d6850ab3544500d3cabcf05a2f79f8697fcb80563d24b02a7bfba11

Download Submit
C:\Windows\System\bxktuoY.exe

Filesize
2.1MB

MD5
44b2aac3e577ab95dcb293edc96e9faf

SHA1
e5acba4117069d6660f34bbec875944de00bd541

SHA256
2436513816def2ff2197555b70485cb3282e0740496d76f3c31f5501ff5d15a7

SHA512
198c8ac1c4ce09b6645bbc3270bcb9450d747436846fc5dfdd298933c060cecc7b79a72f6eddc6dec016c8d11f466495725907825a052a8fe546d73be62754bf

Download Submit
C:\Windows\System\czfMzZK.exe

Filesize
2.1MB

MD5
1d7ca13f7abc11467244be4ad7a640d4

SHA1
d570f5143d853a92324ed36a5f68fa39b0a99e62

SHA256
2e2ef4963290f1d4f5840a37bdda57d70a8cae9d5764fe8836f8c139b6206b28

SHA512
ab3ad3a74efcf5316de9bd9e23afb0b1ef720d7ffbe8bbbe15008b77badff2b3c185ba436e5ef3790840f46e62d59d017fd49f26e70e8f92b342ff85923984cd

Download Submit
C:\Windows\System\eYZVSEk.exe

Filesize
2.1MB

MD5
f929822e8829482f185be3aa76beeffa

SHA1
199b3225b49914969fa0838d80fcf6556011af5b

SHA256
fdeeffcb41797543feb09ad568c8a3988a3b111c608c401ac045fcf3b5cc2771

SHA512
f3a320f9eca32d207b67dcce2755499e3a4acd21c461f2598c3e6b7df7371df4028b3d1be4e7600e512cec3bd2387792a76b2466e0f1c86cea4f0eaa75c06d15

Download Submit
C:\Windows\System\fJpdYdy.exe

Filesize
2.1MB

MD5
b400c3ba21afb676cdb277d37f148614

SHA1
c410ea32d71168a823e34dd8338871907b144f9c

SHA256
692f2db761c35293566db438d77ae190e1f2d1afcaa445667262ccc42f018df0

SHA512
3b0e98a9a09673393718345c0a456a0d9ab9e5b212de534a1964577607c1eeb373f43456f7bee6e39dadd381d7d4a52e2298a806b4f0aefbf530c4f47bc61844

Download Submit
C:\Windows\System\lBnlpGM.exe

Filesize
2.1MB

MD5
01219698ffcc1685831294842caaf47f

SHA1
41fa8c1a865f97e1401caafde1d9aad4d572064f

SHA256
cd0a5fc7559db95b7b4dc42bf2be3fcbdbe425eeef873aa1fc9f351fea5a7b3e

SHA512
983b11bb89330478d0230cbd999ababd16658484772f63bbf31668f80bd98e78efe2b88e42b9b82edb50f878647a6b2d31aee2b265579dc2d7869e54e7a6fce1

Download Submit
C:\Windows\System\uwSuXsP.exe

Filesize
2.1MB

MD5
1ea5a161881f6a15727111ab99f7195c

SHA1
5dedeb59befbc683052b9dc72630d2fe466420a2

SHA256
fcd356678df2d08de6ec9b15f2e71450f99025fecc79fd968bb29561eb914b21

SHA512
b1a9be8d9ec968b86736311bc8f47b760cd805fca200fb2bf5830b18841bd0e07ae1e1a3bc32d3603662dd71cb2146c05c22ecb9fb25602c86d6991569660d1d

Download Submit
C:\Windows\System\woMeEZn.exe

Filesize
2.1MB

MD5
ce902a8f2e5f621b777c0ad6d1dd86d9

SHA1
72288d1fc8610293c864468d8c21c3f7252e6101

SHA256
acae480de9f6a6e7238a0bafcb4e547a764cc68f2fd3f6aaf0f2957bb8ef27b1

SHA512
f138142202ad950dc91b79e51c84d44148611479daff23cc321dd133cf63a8a7b67c3268543193037a88cbf4bc63b0f3e1cd389a91e5203c230be0720fa9575d

Download Submit
memory/1060-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download